Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Help with Web Protection issue would be greatly appreciated.


Recommended Posts

I am rather new here but not new to the MBAM program. I have 2 legitimate Premium versions of Malwarebytes and this issue has become rather frustrating so I am now requesting some assistance with the matter.

 

Windows 7 x64 Ultimate (legit as well from my former TechNet account)

Avast Free latest version for antivirus with MBAM added as an exclusion just to reduce/removal potential conflicts.

MBAM latest version (and prior version as well until yesterday when I downloaded the new version)

 

The system comes up clean so I do not feel there is an infection, my background is in PC repair and I a usually the one turned to not the one asking for help but I'm open to suggestions on this one!

 

This is my issue which I have searched and tried to resolve with no long term luck. Malicious Website Protection is not enabled and will not stay that way.

I tried the solutions listed here https://forums.malwarebytes.org/index.php?/topic/158722-malicious-website-protection-disabled/and it worked yesterday but this morning it is back to the red and white ! and it is again disabled. I had this issue a month or so back and it began working again after running mbam clean although it was on and off for a day or so then worked fine until yesterday. 

 

I tried deleting the rules file as instructed as well as running the mbam clean tool, uninstalls and reinstalls and all work fine for a short period of time then the issue returns. Obviously I would like to get this resolved with a permanent fix as doing the instructed clean, reinstall and reactivate is not producing long lasting results.

 

Thank you to any and all that might reply, I do hope someone has some insight that might help to resolve this issue permanently.

Link to post
Share on other sites

Thank you for welcoming me and for taking the time to offer some assistance with this matter. I did look at the stickied topics in the event one stated what specifically I should include but I did not notice any. 

 

I have scanned and attached the files you have requested. The only issue I see is the mbam-check file was not created as the other two items were so I am unable to attach anything in relation to the second set of instructions. The small DOS window appears then is gone but no files are created.

 

Thanks again.

 

 

Addition.txt

FRST.txt

Link to post
Share on other sites

Okay so I decided to work around the problem (hopefully). I noticed the mbam-check file was actually an executable I could extract so I did that THEN ran the check and was able to get a file created that way, simply downloading and running as instructed did nothing. Attached is the resulting file from mbam-check. 

Again thank you.

CheckResults.txt

Link to post
Share on other sites

Your logs show signs of an infection, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

You also show that you have software from IOBIT on this computer; here is some interesting reading for you....

The company behind this product was found to be stealing Malwarebytes database.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed we can help you remove it.

Thank you
Link to post
Share on other sites

I use Game Booster from IOBIT and I have a portable app I toy with from them. 

 

I use many files that are false positives in repairing PCs but before I begin looking into this infection you speak of would you be so kind to point out what it is that you are seeing which has you stating this please? Avast and MBAM come up clean by the way. Thanks again.

Link to post
Share on other sites

I did not say you were infected, I just said there are signs... like group policies for example... all other tools that need to be run to fix this computer can not be performed in this section of the forum...

 

Sorry I misspoke, signs of infection. I have HEAVILY modified this installation of Windows but scans with TDSSKiller, Hitman Pro, Avast, MBAM, Adwcleaner and other tools leave me feeling okay with it and I appreciate your help. I will pursue more searching as it pertains to resolving the MBAM issue and see if I cannot locate some more info here on the forum. Thanks for the assistance and your time. If I locate a resolution I will happily post it back here most likely.

Link to post
Share on other sites

In case it is helpful to others I thought I would share the information on exactly what occurs according to the Event Viewer when this problem occurs.

 

At the exact moment the Protection Disabled msg appears this is the log in the Event Viewer:

A service was installed in the system.
 
Service Name:  MBAMSwissArmy
Service File Name:  C:\Windows\system32\drivers\MBAMSwissArmy.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  
 
Prior to that there are several MBAM related entries created that read as follows:
Mbamchameleon Failed to obtain file name information - C000000D
 
Hopefully that is something others might check and compare and thus help with a solution.
Link to post
Share on other sites

Okay so I can assume that if one modifies their system extensively (this is understating things I assure you) and it "looks" like their might be a "possible" infection than all assistance ends?

 

I ask because if you run all major/popular scans and the system comes up clean should that not be enough to have further assistance? 

As I mentioned above MBAM works fine for awhile after a reboot but as soon as the above mentioned MBAMSwissArmy related log is created inside the Event Viewer the Web Protection becomes disabled but Malware Detection remains active. Someone must know more of the way MBAM works and what causes this type of issue. Using the clean tool multiple times does not resolve the issue and the requested log files were created but nothing helpful to the actual problem has yet been posted. I'm welcome to info from other members as well as those that typically assist with issues. 

 

I'm not trying to be a bother but I am a staff member on forums and I have been staff on many in the past as well and usually there is a lot of suggestions and support by many members which in some cases helps to bring about a resolution.

 

Again I checked and when this is created:

A service was installed in the system.
 
Service Name:  MBAMSwissArmy
Service File Name:  C:\Windows\system32\drivers\MBAMSwissArmy.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  
 
A Web Protection Disabled alert pops up and the red circle with white ! is shown.
 
Operating on the premise there is no infection are there any other suggestions that have yielded positive lasting results?
 
Thanks!
Link to post
Share on other sites

Okay so here is the deal it would seem... CCleaner creates issues with Web Protection somehow. In doing some searching this seems to be the variable that does not change, running CCleaner with real-time monitoring would create the problem for MBAM, shutdown CCleaner and things work as expected. If you update CCleaner to the latest version then that would appear to resolve the issues but if that changes I will report back here in the effort to help other people possibly resolve this issue. I had expected more community support from members as with so many forums over the years but in the end it is resolved it would seem. Being on so many forums and being staff on so many this forum "feels" odd with the way it seems to offer support so perhaps I just was not aware of the method of operation. I appreciate what help was offered but seeing as it ceased and I found my own solution I figured at least I'd share this with others to end their frustrations. I hope it helps at least a few and thanks again!

Link to post
Share on other sites

Okay so here is the deal it would seem... CCleaner creates issues with Web Protection somehow. In doing some searching this seems to be the variable that does not change, running CCleaner with real-time monitoring would create the problem for MBAM, shutdown CCleaner and things work as expected. If you update CCleaner to the latest version then that would appear to resolve the issues but if that changes I will report back here in the effort to help other people possibly resolve this issue. I had expected more community support from members as with so many forums over the years but in the end it is resolved it would seem. Being on so many forums and being staff on so many this forum "feels" odd with the way it seems to offer support so perhaps I just was not aware of the method of operation. I appreciate what help was offered but seeing as it ceased and I found my own solution I figured at least I'd share this with others to end their frustrations. I hope it helps at least a few and thanks again!

Disregard...worked for awhile but ultimately the issue returned.

Link to post
Share on other sites

Well You have done some good work there.  To continue work with this 'modified install/tweaked system' you would have to seek help in the section I mentioned above in post #5. The tools that need to be run to help you resolve your issue need to be run in that section of the forum, we are not allowed to use those tools in this section of the forum.

 

Further more you can seek help from support HERE and click on the Contact Us Link

 

I do not work for Malwarebytes, I am only a volunteer here and I am only trying to steer you in the right direction is all.

Link to post
Share on other sites

Well You have done some good work there.  To continue work with this 'modified install/tweaked system' you would have to seek help in the section I mentioned above in post #5. The tools that need to be run to help you resolve your issue need to be run in that section of the forum, we are not allowed to use those tools in this section of the forum.

 

Further more you can seek help from support HERE and click on the Contact Us Link

 

I do not work for Malwarebytes, I am only a volunteer here and I am only trying to steer you in the right direction is all.

I understand, since I am not infected or interested in working on an issue as if I might be I have no need or desire to go to that area of the forum. I get you do not work for MBAM, I am a Super Mod on several forums where I have been for years and like you I do not actually work for but assist with issues when needed. I have also been working in the IT field for many years, this system is running on 4 yrs so there is a lot of "buildup" over the years and I'm simply not yet willing to restore the system. I appreciate your help. I have turned off CCleaner and so far everything is still working as of right now but I didn't want to call it a "solution" so I retracted my last statement.

 

I had same problem with windows 7 64 bit, could not enable malicious website protection, appeared to be the result of a too thorough registry cleaning. I deactivated my license, then reactivated it using existing key, it has fixed the problem for me. Hope this helps.

Thank you for your reply, I do not use or suggest any registry cleaning (especially with Win7 and later OS) so no issues in that area.

Link to post
Share on other sites

  • 1 month later...

Just as an FYI...

 

Right around the time the mbam issue happened I added a new HD, turns out that I tested and found 1 of 6 memory modules was in the early stages of failure. Once that module was removed mbam went  back to working and I have since RMA'd and reinstalled the modules, all is well. While this may not apply to others with this issue I felt it should be stated things are resolved and the only changes are the replacement of the memory modules.

 

Thanks

Link to post
Share on other sites

Glad to hear your issue is resolved, glad we could help with trouble shooting...

Thanks. My only issue with how that went down was once there was a thought that an infection was the source or potential problem assistance pretty much ceases and people are directed to another area of the forum. Since this system is actually not infected (although it may seem some signs would suggest it) that part of the forum helps me none at all and my actual problem continued. I also find the community type help offering seems frowned upon and only specific "helpers" are allowed or expected to assist those in need. Having been involved in the IT field for over 15 years I am often the guy called by other repair techs and even store owners that are also working techs themselves I tend to enjoy helping others when possible. (I also like toying with a lot of software hence the insanity of my system as far as logs might show). The system runs pretty much 24/7 with a reboot or maybe two a month and has on the same load of Windows since mid 2010 when I built this Intel i7 system. Still going strong and without issue. Anyway, thanks for reading and offering to help. I generally spend my time on car forums and have the 10K+ posts there so it isn't likely you'll be seeing much of me around here.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.